zydronium/neocities
1
0
Fork 0
mirror of https://github.com/neocities/neocities.git synced 2025-08-25 18:33:33 +02:00
Code Issues Projects Releases Packages Wiki Activity

paypal wants a dns based webhook origin check

Browse source
This commit is contained in:
Kyle Drake 2025-08-15 01:14:11 -05:00
parent 71dd43971a
commit 198e60d179
1 changed files with 8 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

13
app/webhooks.rb
View file

@ -3,12 +3,15 @@ post '/webhooks/paypal' do
end end
def valid_paypal_webhook_source? def valid_paypal_webhook_source?
# https://www.paypal.com/us/smarthelp/article/what-are-the-ip-addresses-for-live-paypal-servers-ts1056 return true if request.ip == '127.0.0.1'
request_ip = IPAddress::IPv4.new request.ip
['127.0.0.1', '66.211.170.66', '173.0.81.0/24'].each do |ip| # Use DNS to resolve notify.paypal.com as PayPal recommends
return true if IPAddress::IPv4.new(ip).include? request_ip begin
resolved_ips = Resolv.getaddresses 'notify.paypal.com'
return resolved_ips.include?(request.ip)
rescue Resolv::ResolvError
return false
end end
false
end end
post '/webhooks/paypal/tipping_notify' do post '/webhooks/paypal/tipping_notify' do